TAP Into Technology


7 reasons why you shouldn’t choose SPAN as a real visibility access device!

Posted by Tim O'Neill | 5/24/18 8:00 AM

Every day I come across network techs who continue to rely on SPAN ports as their network access method. This blows my mind, as it's been proven time and again why you shouldn't rely on SPAN ports. Let me share some of those reasons with you:

First - Spanning or mirroring changes the timing of the frame interaction (what you see is not what really happened!).

Second - Spanning is not the primary function of the device, the way switching or routing is, so it is never the first priority. If replicating a frame becomes an issue, the hardware will temporarily drop the SPAN process, resulting in dropped frames and timing that is way off.

Third - If the bus feeding the SPAN port becomes overloaded, frames are simply dropped, along with all frames that are corrupted in any way.

 


 

Fourth – Proper spanning requires that a network engineer configure the switches properly through Line Code, which takes time away from the more important tasks that network engineers have. Configuration often becomes a political issue (constantly creating contention between the IT team, the security team and the compliance team).

Fifth – A SPAN port drops all packets that are corrupt, as well as those that are below the minimum size or oversized, so not all frames are passed on. All of these events can occur without any notification being sent to the user, so there is no guarantee that one will get all the data required for proper analysis. Frames with corrupted CRCs can come from many issues, and they are important to know about.

Sixth - A SPAN port is not a passive visibility technology. Some may say that SPAN port access is a passive data access solution, but passive means “having no effect”. Spanning (mirroring), however, does have a measurable, non-repeatable and variable effect on the data that is delivered to analysis and storage equipment.

Seventh - SPAN ports are not a scalable technology. With Gigabit, 10 Gigabit and faster technologies, the maximum bandwidth is now twice the base bandwidth, so a Full Duplex (FDX) Gigabit link carries up to 2 Gigabits of data and a 10 Gigabit FDX link carries up to 20 Gigabits of potential data (minus interframe gaps).

No switch or router can handle replicating/mirroring all this data on top of its primary job of switching and routing. It is difficult, if not impossible, to pass all frames (good and bad ones), including FDX traffic, at full time rate, in real time, at non-blocking, no-loss speeds.
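Because the drops described in the fifth and seventh reasons happen without notification, a monitoring team has to measure them. The following is an added example, not code from the original post: it compares counters from the mirrored port with what the analyzer received. The field names, the constructed sample values, and the assumption that the received-frame counter includes errored frames are all illustrative.

```python
from dataclasses import dataclass

@dataclass
class Interval:
    seconds: float
    src_rx_bytes: int     # bytes received on the mirrored (source) port
    src_tx_bytes: int     # bytes transmitted on the mirrored port
    src_rx_frames: int    # assumption: includes errored frames
    src_tx_frames: int
    src_bad_frames: int   # CRC errors, runts and giants seen on the source port
    captured_frames: int  # frames that actually reached the analyzer

def span_report(iv: Interval, dest_bps: float) -> dict:
    """Quantify what the SPAN destination port failed to deliver."""
    # A full-duplex link offers RX + TX, but the SPAN port only has one TX path.
    offered_bps = (iv.src_rx_bytes + iv.src_tx_bytes) * 8 / iv.seconds
    total = iv.src_rx_frames + iv.src_tx_frames
    missing = total - iv.captured_frames
    return {
        "offered_bps": offered_bps,
        "oversubscribed": offered_bps > dest_bps,
        "missing_frames": missing,
        # Loss explained by the switch discarding corrupt/odd-sized frames.
        "bad_frames_not_mirrored": min(iv.src_bad_frames, missing),
        # Loss that bad frames cannot explain: congestion or deprioritized SPAN.
        "unexplained_loss": max(missing - iv.src_bad_frames, 0),
        "loss_pct": round(100 * missing / total, 2) if total else 0.0,
    }

GIGABIT = 1_000_000_000  # capacity of the SPAN destination port, bits/s

# Constructed 10-second samples for one mirrored Gigabit FDX port.
SAMPLES = {
    "quiet": Interval(10, 250_000_000, 125_000_000, 200_000, 100_000, 12, 299_988),
    "busy": Interval(10, 900_000_000, 800_000_000, 700_000, 600_000, 40, 950_000),
}

if __name__ == "__main__":
    for name, iv in SAMPLES.items():
        print(name, span_report(iv, GIGABIT))
```

In the quiet interval the only missing frames are the 12 errored ones the analyzer never saw; in the busy interval the full-duplex load exceeds the destination port and roughly a quarter of the traffic is absent from the capture.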

In summary, the fact that a SPAN port is not a passive data visibility access technology, or even entirely non-intrusive, can be a problem, particularly for data security and compliance monitoring or lawful intercept. Since there is no guarantee of absolute fidelity, it is likely that evidence gathered by this monitoring process will be challenged in a court of law.


Topics: TAPs vs SPAN, Network TAPs

Written by Tim O'Neill

As the Senior Technology Consultant & Chief Editor at LoveMyTool, Tim O’Neill has over 45 years of technology experience at data/voice and video networking analysis companies, including successful senior roles in Sales, Product Design, Marketing Management, Business Development and Security.